The rapid adoption of multi-cloud services and the hybrid work generates a massive increase of the level of vulnerability, the digital identities of end-users becoming an important risk factor. For example, 1 in 5 endpoint devices currently caches critical security information – such as administrator logins – that hackers can use to increase the success rate of ransomware attacks(1). The problem is intensified by the fact that, although they have dedicated solutions – such as Privileged Account Management (WFP) – 87% of local administrators do not use them(2).
In order to support the companies looking to improve their protection against such threats, Datanet Systems organized a seminar on managing identity risk with the use of Illusive Networks solutions, one of the most efficient protection systems on the market. The performance of Illusive technologies has been confirmed in over 130 tests performed in real conditions by “red teams” security specialists.
„Illusive Networks solutions are designed to provide an active defense system. Thus, using Illusive technologies, organizations can create a hostile environment for attackers by stopping lateral movements of threats before they compromise critical data, and can automatically block initial attempts to encrypt ransomware attacks by creating «false targets»“, explained Mihai Pîrvu, presales consultant at Datanet Systems.
Illusive Networks Architecture
To achieve these results, Illusive uses – unlike classic protection systems – an Agentless architecture, which prevents attackers from detecting and disabling existing protection measures, based on three key components:
- Attack Detection System (ADS), which detects threats by analyzing the interaction between them and a set of false targets added in the IT infrastructure, while blocking lateral movements through integrations with Endpoint Detection and Response applications. ADS uses more than 75 techniques to imitate systems, connections, credentials, and other targets targeted by attackers, both internal and external.
- Attack Surface Manager (ASM), which reduces the attack surface by identifying and removing credentials, and access rights that can allow attackers to create breaches and escalate privileges, constantly monitor login processes and breaches of connection rules, facilitate automatic creation and enforcement of access rules and corrective action.
- Attack Intelligence System (AIS), which speeds up the investigation and remediation of attacks, ensuring real-time telemetry data delivered (such as installed files, registry information, Active Directory data, captures of attackers’ activity, tools used by them, etc.)
„The Illusive solution can work both on-premises and in the Cloud, and automatically integrates with operating systems. The implementation takes only few hours, does not require large resources, and works seamlessly in any environment. A single Illusive server supports up to 150,000 endpoint devices, which can be monitored and managed within half the of time allocated by an operator which uses traditional identity management solutions“, also pointed out Mihai Pîrvu.
Presentation and demo
To show how the Illusive solution works, the Datanet specialist gave an overview of the working interface, as well as the standard components and information provided. The presentation was completed with a demonstration detailing the implementation and configuration of the Illusive solution, presenting how to enroll users, create policies and deceptive files, how to use the integrated automation options, etc. The final session of the Datanet webinar included a hands-on demonstration of how a ransomware attack can be detected and monitored and how it can be effectively blocked, by reducing the encryption speed to a few kilobits, giving companies valuable time to take remedial action necessary.
The Illusive Networks solution presentation and demo, made by the Datanet specialist, can be viewed by accessing the full video registration of the „Managing identity risks with Illusive Networks“ webinar.
For additional information about endpoint protection solutions recommended by Datanet Systems specialists, as well as about the services delivered by our company, please contact us by e-mail at email@example.com.
1 – Ransomware – A Global Data Pandemic
2 – Analyzing Identity Risks 2022